...
Author: Alex Torras (Unlicensed)
1. Create SAML IdP
Go to Security → Identity providers
Select Add identity provider
Select SAML 2.0 IdP and then Next
In the Configure SAML 2.0 IdP section:
Enter a Name
In IdP username select idpuser.subjectNameId
In IdP Issuer URI enter https://{$ENV_FQDN}:443/api/saml/metadata
In IdP Single Sign-On URL enter https://{$ENV_FQDN}:443/api/saml/SSO
In Destination enter https://{$ENV_FQDN}:443/api/saml/SSO
Select Finish
...
...
2. Create SAML Application
Go to Applications → Applications
Select Create App Integration
Select SAML 2.0 and then Next
Enter an App name and select Next
In the Configure SAML section:
In Single sign-on URL, DO NOT uncheck the Use this for Recipient URL and Destination URL option, and enter https://{$ENV_FQDN}:443/api/saml/SSO
In Audience URI (SP Entity ID) enter https://{$ENV_FQDN}:443/api/saml/metadata
In Attribute Statements enter one for each claim declared in abiquo.properties. Follow this table as an example:
...
Select Next and Finish.
Download the Metadata details from the Sign On tab: open the URL, right click, and save as idp_metadata.xml.
...
...
3. Configure User claims
Go to Directory → People.
Select the user you want to configure
Select Assign Applications
Select Assign on the SAML Application previously created
Select Save and Go Back and Done
Select Profile tab
Select Edit and in attributes enter the following
Username: the givenname
First Name: the name
Last Name: the surname
Primary email: the email
Title: the abq-role (the external role configured in your environment)
Department: the abq-enterprise (the enterprise you want the user to sign in to in your environment)
Select Save
...
...
4. Configure Abiquo
Create the abq-enterprise that you want the user to sign in to.
Create the role and, for the External roles, enter the abq-role that you want to assign to the user.
On the Abiquo Server, configure the abiquo.properties file:
...
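To check the URLs entered in steps 1 and 2, the following added example (not part of the original page or of Abiquo) compares the Destination, Recipient and Audience of a decoded SAML Response with the values this page configures. The host abiquo.example.com, the function names and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_urls(env_fqdn):
    """URLs from this page, with {$ENV_FQDN} filled in."""
    base = f"https://{env_fqdn}:443/api/saml"
    return {"sso": f"{base}/SSO", "metadata": f"{base}/metadata"}

def check_response(xml_text, env_fqdn):
    """Return mismatches between a decoded SAML Response and the page's URLs.
    Configuration check only: it does not verify signatures or validity times."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SAML message")
    exp = expected_urls(env_fqdn)
    root = ET.fromstring(xml_text)
    problems = []
    # Destination and Recipient both come from "Single sign-on URL" when the
    # "Use this for Recipient URL and Destination URL" box stays checked.
    if root.get("Destination") != exp["sso"]:
        problems.append(f"Destination={root.get('Destination')!r}")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != exp["sso"] for r in recipients):
        problems.append(f"Recipient={recipients!r}")
    # Audience must equal the "Audience URI (SP Entity ID)" value.
    audiences = [e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text]
    if exp["metadata"] not in audiences:
        problems.append(f"Audience={audiences!r}")
    return problems

def sample_response(destination, recipient, audience):
    """Constructed, unsigned sample; not captured from a real IdP."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{destination}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    fqdn = "abiquo.example.com"  # hypothetical ENV_FQDN
    u = expected_urls(fqdn)
    print(check_response(sample_response(u["sso"], u["sso"], u["metadata"]), fqdn))
```

An empty list means the three values agree with the configuration above; each entry otherwise names the field that differs and the value found.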